#!/bin/bash

# firewall.conf - firewall configuration settings.

# INTERFACES: public (internet facing) interfaces
# iptables does not understand interface aliasing
pub_iface="vnet0"
pub_ip="66.199.140.46 69.172.205.200"

# private (secure LAN facing) interfaces
pvt_iface=""
pvt_ip=""

# localhost (you probably dont want to change this)
lo_iface="lo"
lo_ip="127.0.0.1" 

# ALLOW PORTS:
# ports to make availiable to the universe
pub_ports="22 80 443 2222"

# ports to only make available to limited networks
pvt_ports=""

# DEFAULT POLICIES: should be set to one of the following; ACCEPT,DROP,QUEUE,RETURN
policy_input="DROP"
policy_output="ACCEPT"
policy_forward="DROP"

# TRUSTED NETWORKS: USE WITH CARE - any network entered in TRUST_NETS will allow ALL ports!
# this should be stated in CIDR format.
trust_nets=""

# BLACKLIST FILES: a directory to look for blacklist files.
blacklist_files="/usr/local/sbin/zfw/blacklist"

# BRUTE FORCED PORTS: ports that we see quite a bit of brute force activity on
brute_ports="22"

# ENABLES
# module loading (NO for kernel built-in)...
enable_module_load="NO"
enable_module_list="nf_conntrack_ipv4 iptable_filter ip_tables xt_state nf_conntrack xt_pkttype xt_tcpudp x_tables"
# torrent.... 
enable_torrent="NO"
# logging...
enable_logging="NO"
# ftp...
enable_ftp="NO"
# block broadcasts...
enable_bcast_block="NO"
# enable blacklists...
enable_blacklist="YES"
# enable NTP...
enable_ntp="YES"
# enable brute force limitations...
enable_brute_limit="YES"

# EOF TEST

